
Whitesmoke Tool Bar

removal

  • This topic is locked
12 replies to this topic

#1 ddemaree


Posted 19 April 2013 - 01:58 PM

I have been hacked by Whitesmoke Tool Bar. Please help.

ddemaree



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2008 4:30:28 PM
System Uptime: 4/19/2013 7:12:02 AM (7 hours ago)
.
Motherboard: Dell Inc. | | 0R038D
Processor: Intel Pentium III Xeon processor | Socket 775 | 3158/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 79.692 GiB free.
D: is CDROM ()
I: is FIXED (NTFS) - 279 GiB total, 182.443 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ATI Technologies, Inc. 3D RAGE PRO AGP
Device ID: ROOT\DISPLAY\0000
Manufacturer: ATI Technologies, Inc.
Name: ATI Technologies, Inc. 3D RAGE PRO AGP
PNP Device ID: ROOT\DISPLAY\0000
Service: atirage3
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.4 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
Aimersoft DRM Media Converter(Build 1.5.4.0)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
AVG 2013
AVS Audio Converter 7
AVS Audio Converter version 5.1
AVS Audio Editor version 4.2
AVS Audio Recorder version 3.9
AVS Mobile Uploader version 1.9
AVS Ringtone Maker version 1.6
AVS Update Manager 1.0
AVS Video to GO
AVS4YOU Software Navigator 1.4
Bonjour
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
Dell Support Center
Diagnostics Utility
doubleTwist
DVD43 v4.6.0
EPSON TWAIN 5
ffdshow [rev 2527] [2008-12-19]
GetSavin
Google Chrome
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB946554)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Card Games 2004
Hoyle Card Games 5
InfoAtoms
iTunes
Java Auto Updater
Java™ 6 Update 29
Logitech SetPoint
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MapPoint 2002 North America
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Media Video 9 VCM
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.8)
MP3 Player Utilities 5.01
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB927977)
Nero Media Player
Nero OEM
Nero PhotoShow Express
NeroVision Express 2
OGA Notifier 2.0.0048.0
OverDrive Media Console
PC Tools Registry Mechanic 11.1
PDF Settings CS5
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.7
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Snood 4
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
swMSM
The Weather Channel App
The Weather Channel Desktop 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
WebFldrs XP
WhiteSmoke New Toolbar
Window Washer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Search 4.0
Windows Support Tools
Wizard101
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/15/2013 6:29:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
4/15/2013 6:29:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
4/15/2013 6:29:31 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2013 6:29:31 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/15/2013 6:28:08 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/15/2013 6:28:04 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
4/15/2013 4:20:32 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
4/15/2013 4:18:43 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by David Demaree at 14:36:49 on 2013-04-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1537 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\PROGRA~1\Ahead\Ahead\data\xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Demaree\Application Data\SearchProtect\bin\cltmng.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN76913275935928115&UM=2&UP=SPAC98E27E-5F1B-497B-BB1B-4D4C0CAF3D58&SSPV=TB_C4
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: {739df940-c5ee-4bab-9d7e-270894ae687a} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GetSavin 5.0: {DDF87DE2-445A-4DD9-AC37-981F5DC7F8A4} - c:\documents and settings\david demaree\local settings\application data\getsavin\ie\getsavin_1365985201.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] <no file>
mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
mRun: [Alcmtr] "c:\windows\ALCMTR.EXE"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Logitech Hardware Abstraction Layer] "c:\windows\KHALMNPR.EXE"
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [dvd43] "c:\program files\dvd43\dvd43_tray.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] "c:\program files\common files\adobe\switchboard\SwitchBoard.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRunOnce: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/w...1c148eeef0d9fda
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{95FFBC24-4D92-43ED-B5FC-C9A4A8D662CF} : DHCPNameServer = 10.0.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david demaree\application data\mozilla\firefox\profiles\wgml6a8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN44264636197064812&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN44264636197064812&UM=2&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN44264636197064812&UM=2&q=
FF - plugin: c:\documents and settings\david demaree\application data\mozilla\firefox\profiles\wgml6a8l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\david demaree\application data\mozilla\firefox\profiles\wgml6a8l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-2-26 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-2-14 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-2-19 282624]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-10-27 8960]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-1-24 794272]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-10-31 598856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-7-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-7-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-7-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-7-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-7-26 25704]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-2-27 4937264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2008-11-27 45344]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-10-27 11264]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-1-8 27064]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-10-27 16640]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-04-17 01:31:57 -------- d-----w- c:\documents and settings\david demaree\application data\SearchProtect
2013-04-15 00:32:25 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\doubleTwist_Corporation
2013-04-15 00:32:15 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\doubleTwist Corporation
2013-04-15 00:32:11 -------- d-----w- c:\program files\common files\doubleTwist
2013-04-15 00:32:09 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2013-04-15 00:32:09 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2013-04-15 00:32:09 -------- d-----w- c:\program files\ffdshow
2013-04-15 00:29:57 -------- d-----w- c:\program files\doubleTwist 2.0
2013-04-15 00:29:54 -------- d-----w- c:\documents and settings\david demaree\application data\OpenCandy
2013-04-15 00:29:46 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\WhiteSmoke_New
2013-04-15 00:29:45 -------- d-----w- c:\program files\WhiteSmoke_New
2013-04-15 00:29:45 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\Conduit
2013-04-15 00:29:27 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\CRE
2013-04-15 00:29:00 -------- d-----w- c:\program files\SearchProtect
2013-04-15 00:28:25 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-04-15 00:28:16 -------- d-----w- c:\program files\InfoAtoms
2013-04-15 00:28:16 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\getsavin
2013-04-03 19:48:38 -------- d-----w- c:\documents and settings\david demaree\application data\AVG2013
2013-04-03 19:47:19 -------- d--h--w- C:\$AVG
2013-04-03 19:47:19 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-04-03 19:42:06 -------- d-----w- c:\documents and settings\david demaree\local settings\application data\Avg2013
2013-03-20 21:11:23 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-20 21:11:23 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M ====================
.
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 18:48:54 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:48:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-03-01 14:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-27 03:40:46 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 07:52:46 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 08:37:56 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 08:37:52 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 08:37:44 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 08:37:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 14:37:15.64 ===============




#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 19 April 2013 - 02:16 PM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Make sure you're subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"


Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>Please stick with me until I give you the "all clear".


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 ddemaree


Posted 19 April 2013 - 02:36 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : David Demaree [Admin rights]
Mode : Scan -- Date : 04/19/2013 15:32:11
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] cltmng.exe -- C:\Documents and Settings\David Demaree\Application Data\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Documents and Settings\David Demaree\Application Data\SearchProtect\bin\cltmng.exe) [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : Logitech Hardware Abstraction Layer ("C:\WINDOWS\KHALMNPR.EXE") [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2115859130-3159980101-1400957000-1005[...]\Run : SearchProtect (C:\Documents and Settings\David Demaree\Application Data\SearchProtect\bin\cltmng.exe) [7] -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD322HJ +++++
--- User ---
[MBR] 84462b6b14642abf70e83e317fe7d488
[BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 305180 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04192013_02d1532.txt >>
RKreport[1]_S_04192013_02d1532.txt

#4 MrCharlie


Posted 19 April 2013 - 02:41 PM

Is there a reason why you have system restore and firewall disabled:

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND


------------------------------------------

See if you can uninstall these from your add/remove programs:
WhiteSmoke New Toolbar
Search Protect by conduit


Then.............

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adware (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC


#5 ddemaree


Posted 19 April 2013 - 02:58 PM

I could not remove White Smoke, but was able to remove Search Protect.


# AdwCleaner v2.200 - Logfile created 04/19/2013 at 15:55:51
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David Demaree - MCKINLEY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David Demaree\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

***** [Files / Folders] *****
File Found : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\searchplugins\Askcom.xml
File Found : C:\END
Folder Found : C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\CT3289847
Folder Found : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\CT3289847
Folder Found : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\Smartbar
Folder Found : C:\Documents and Settings\David Demaree\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\David Demaree\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\David Demaree\Local Settings\Application Data\getsavin
Folder Found : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Documents and Settings\David Demaree\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\David Demaree\Local Settings\Application Data\WhiteSmoke_New
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\Search Toolbar
Folder Found : C:\Program Files\WhiteSmoke_New

***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\WhiteSmoke_New
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Found : HKLM\Software\WhiteSmoke_New
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN76913275935928115&UM=2&UP=SPAC98E27E-5F1B-497B-BB1B-4D4C0CAF3D58&SSPV=TB_C4
-\\ Mozilla Firefox v3.6.8 (en-US)
File : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\prefs.js
Found : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Found : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Found : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3289847.FF19Solved", "true");
Found : user_pref("CT3289847.FirstTime", "true");
Found : user_pref("CT3289847.FirstTimeFF3", "true");
Found : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Found : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Found : user_pref("CT3289847.UserID", "UN44264636197064812");
Found : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3289847.defaultSearch", "true");
Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3289847.enableAlerts", "true");
Found : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Found : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Found : user_pref("CT3289847.firstTimeDialogOpened", "true");
Found : user_pref("CT3289847.fixPageNotFoundError", "true");
Found : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3289847.fixUrls", true);
Found : user_pref("CT3289847.hxxp___api18_similarsites_com.pid2.enc", "Y2E2NDY2ZDEwYTQ0MmQ1OQ==");
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLC[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "Yzk3MWIzMmEtYTFiNy0zNjFiLW[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Found : user_pref("CT3289847.installDate", "14/4/2013 20:28:48");
Found : user_pref("CT3289847.installId", "9818");
Found : user_pref("CT3289847.installType", "conduitnsisintegration");
Found : user_pref("CT3289847.installerVersion", "1.3.7.3");
Found : user_pref("CT3289847.isCheckedStartAsHidden", true);
Found : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3289847.keyword", "true");
Found : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Found : user_pref("CT3289847.lastVersion", "10.14.380.14");
Found : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2NjM5NjUxOTY4NQ==");
Found : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appState_Easytobook.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Found : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Found : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyJkNGZiODg5Mi0yNzYzLTQ4OGUtOWI1MS0zOGE0MjU0ZDhhNzkiO[...]
Found : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Found : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2NjM5NjUxODY1NQ==");
Found : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_userId.enc", "ZTc4OTBhZDgtOWQyZC00MTZmLTk4YTAtYjM3YmQwNjE0MDY3");
Found : user_pref("CT3289847.migrateAppsAndComponents", true);
Found : user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.msn.com%2F\"[...]
Found : user_pref("CT3289847.openThankYouPage", "false");
Found : user_pref("CT3289847.openUninstallPage", "true");
Found : user_pref("CT3289847.price-gong.isManagedApp", "true");
Found : user_pref("CT3289847.revertSettingsEnabled", "true");
Found : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Found : user_pref("CT3289847.search.searchCount", "0");
Found : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366396511950");
Found : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1366396511944");
Found : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366396510974");
Found : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1366396509963");
Found : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1366396513006");
Found : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366396511029");
Found : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1366396509548");
Found : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1366396508970");
Found : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1366396511952");
Found : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366396511007");
Found : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1366396509706");
Found : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1366396511928");
Found : user_pref("CT3289847.settingsINI", true);
Found : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Found : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Found : user_pref("CT3289847.smartbar.Uninstall", "0");
Found : user_pref("CT3289847.smartbar.homepage", true);
Found : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Found : user_pref("CT3289847.startPage", "true");
Found : user_pref("CT3289847.toolbarBornServerTime", "19-4-2013");
Found : user_pref("CT3289847.toolbarCurrentServerTime", "19-4-2013");
Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN44264636[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN4426463619706[...]
Found : user_pref("extensions.crossriderapp498.498.InstallationTime", 1324943812);
Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1324943812");
Found : user_pref("extensions.crossriderapp498.bic", "1347cce24aee38b80eea4634523c8ece");
Found : user_pref("extensions.crossriderapp498.firstrun", false);
Found : user_pref("extensions.crossriderapp498.installationdate", 1324943812);
Found : user_pref("extensions.crossriderapp498.lastcheck", 22082397);
Found : user_pref("extensions.crossriderapp498.lastcheckitem", 22082397);
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN442646361[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.machineId", "W3JGAM72CJUHSC438KVE5G07+GSEKOWUZ8IOOIKZPZQX7EAWWYE/WKRN1Z6ACNDYUTR[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://www.msn.com/");
Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q=");
Found : user_pref("smartbar.originalSearchEngine", "Ask.com");

-\\ Google Chrome v26.0.1410.64
File : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Found [l.2992] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/?pc=U016&ocid=U016DHP&dt=041513", "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN15662669326504796&UM=2" ]
*************************
AdwCleaner[R1].txt - [16686 octets] - [19/04/2013 15:55:51]
########## EOF - C:\AdwCleaner[R1].txt - [16747 octets] ##########

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 19 April 2013 - 03:04 PM

Please use the default font, anything else is too hard to read.


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....
  • Please re-run AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK if asked.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......reboot and let me know how it is.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#7 ddemaree

Posted 19 April 2013 - 04:28 PM

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 17:18:00
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David Demaree - MCKINLEY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David Demaree\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Deleted on reboot : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\searchplugins\Askcom.xml
File Deleted : C:\END
Folder Deleted : C:\DOCUME~1\DAVIDD~1\LOCALS~1\Temp\CT3289847
Folder Deleted : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\CT3289847
Folder Deleted : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\Smartbar
Folder Deleted : C:\Documents and Settings\David Demaree\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\David Demaree\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\David Demaree\Local Settings\Application Data\getsavin
Folder Deleted : C:\Documents and Settings\David Demaree\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\David Demaree\Local Settings\Application Data\WhiteSmoke_New
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\WhiteSmoke_New

***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\WhiteSmoke_New
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Deleted : HKLM\Software\WhiteSmoke_New
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]

***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN76913275935928115&UM=2&UP=SPAC98E27E-5F1B-497B-BB1B-4D4C0CAF3D58&SSPV=TB_C4 --> hxxp://www.google.com
-\\ Mozilla Firefox v3.6.8 (en-US)
File : C:\Documents and Settings\David Demaree\Application Data\Mozilla\Firefox\Profiles\wgml6a8l.default\prefs.js
Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.FirstTime", "true");
Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
Deleted : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3289847.UserID", "UN44264636197064812");
Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.defaultSearch", "true");
Deleted : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3289847.enableAlerts", "true");
Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289847.fixUrls", true);
Deleted : user_pref("CT3289847.hxxp___api18_similarsites_com.pid2.enc", "Y2E2NDY2ZDEwYTQ0MmQ1OQ==");
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLC[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "Yzk3MWIzMmEtYTFiNy0zNjFiLW[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Deleted : user_pref("CT3289847.installDate", "14/4/2013 20:28:48");
Deleted : user_pref("CT3289847.installId", "9818");
Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3289847.lastVersion", "10.14.380.14");
Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2NjM5NjUxOTY4NQ==");
Deleted : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_Easytobook.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Deleted : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyJkNGZiODg5Mi0yNzYzLTQ4OGUtOWI1MS0zOGE0MjU0ZDhhNzkiO[...]
Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2NjM5NjUxODY1NQ==");
Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_userId.enc", "ZTc4OTBhZDgtOWQyZC00MTZmLTk4YTAtYjM3YmQwNjE0MDY3");
Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.msn.com%2F\"[...]
Deleted : user_pref("CT3289847.openThankYouPage", "false");
Deleted : user_pref("CT3289847.openUninstallPage", "true");
Deleted : user_pref("CT3289847.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Deleted : user_pref("CT3289847.search.searchCount", "0");
Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1366396511950");
Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1366396511944");
Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1366396510974");
Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1366396509963");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1366396513006");
Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1366396511029");
Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1366396509548");
Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1366396508970");
Deleted : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1366396511952");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1366396511007");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1366396509706");
Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1366396511928");
Deleted : user_pref("CT3289847.settingsINI", true);
Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289847.smartbar.homepage", true);
Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Deleted : user_pref("CT3289847.startPage", "true");
Deleted : user_pref("CT3289847.toolbarBornServerTime", "19-4-2013");
Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "19-4-2013");
Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN44264636[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN4426463619706[...]
Deleted : user_pref("extensions.crossriderapp498.498.InstallationTime", 1324943812);
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:[...]
Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1324943812");
Deleted : user_pref("extensions.crossriderapp498.bic", "1347cce24aee38b80eea4634523c8ece");
Deleted : user_pref("extensions.crossriderapp498.firstrun", false);
Deleted : user_pref("extensions.crossriderapp498.installationdate", 1324943812);
Deleted : user_pref("extensions.crossriderapp498.lastcheck", 22082397);
Deleted : user_pref("extensions.crossriderapp498.lastcheckitem", 22082397);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN442646361[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "W3JGAM72CJUHSC438KVE5G07+GSEKOWUZ8IOOIKZPZQX7EAWWYE/WKRN1Z6ACNDYUTR[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.msn.com/");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=WE2TDF&PC=WEAC&q=");
Deleted : user_pref("smartbar.originalSearchEngine", "Ask.com");

-\\ Google Chrome v26.0.1410.64
File : C:\Documents and Settings\David Demaree\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.2992] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/?pc=U016&ocid=U016DHP&dt=041513", "hxxp://[...]
*************************
AdwCleaner[R1].txt - [16817 octets] - [19/04/2013 15:55:51]
AdwCleaner[R2].txt - [16878 octets] - [19/04/2013 17:17:16]
AdwCleaner[R3].txt - [16939 octets] - [19/04/2013 17:17:30]
AdwCleaner[S1].txt - [17021 octets] - [19/04/2013 17:18:00]

########## EOF - C:\AdwCleaner[S1].txt - [17082 octets] ##########

#8 MrCharlie

Posted 19 April 2013 - 06:37 PM

How is it????? MrC


#9 ddemaree

Posted 19 April 2013 - 06:43 PM

Seems to be fixed. If I purchase the full version of Malwarebytes, should I still use AVG Free or should I buy an antivirus program? Thanks for your help.

#10 MrCharlie

Posted 19 April 2013 - 06:46 PM

Seems to be fixed. If I purchase the full version of Malwarebytes, should I still use AVG Free or should I buy an antivirus program? Thanks for your help.


Yes, MB is not a substitute for an anti-virus program.
If you're going to do that, I would suggest you uninstall AVG and install Avast or Avira (free).

----------------------


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC


#11 ddemaree

Posted 19 April 2013 - 07:00 PM

Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (3.6.8) Firefox out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

#12 MrCharlie

Posted 19 April 2013 - 07:05 PM

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


Java™ 6 Update 29 <---Please uninstall from add/remove programs

Java version out of Date! <-------Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".


Mozilla Firefox (3.6.8) Firefox out of Date! <---please check for an update if available


Google Chrome 26.0.1410.43 <----OLD
Google Chrome 26.0.1410.64 <---OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

---------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#13 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 20 April 2013 - 06:53 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.




